Abstract

We describe several software side-channel attacks based on inter-process leakage through the state of the CPU's memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts, and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several attacks on AES, and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux's dm-crypt encrypted partitions (in the latter case, the full key was recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we discuss a variety of countermeasures which can be used to mitigate such attacks.

...-integer operands in memory. The same potentially applies to ECC-based cryptosystems. Primitives that are normally implemented without lookup tables, such as the SHA family [40] and bitsliced Serpent [9], are impervious to the attacks described here. However, to protect against timing attacks one should scrutinize implementations for use of instructions whose timing is key- and input-dependent (e.g.,...

...l cache parameters are given in Table 1. 7 This relatively slow reduction in DRAM latency has proven so reliable, and founded in basic technological hurdles, that it has been proposed by Abadi et al. [1] and Dwork et al. [21] as a basis for proof-of-work protocols. 8 In common terminology, W is called the associativity and the cache is called W-way set associative. 9 CPUs differ in their policy for ...

...esolution. They also demonstrate the effectiveness of analyzing the last round of AES instead of the first one, where applicable (see Section 3.8). Branch prediction and instruction cache attacks. In [5,6,2], Acıiçmez et al. describe new classes of attacks that exploit the CPU instruction cache or its branch prediction mechanism, instead of the data cache considered herein. They demonstrate efficient RSA...

...s particularly elegant, since the lookup tables have concise algebraic descriptions, but performance is degraded by over an order of magnitude. 34 Another approach is that of bitslice implementations [12]. These employ a description of the cipher in terms of bitwise logical operations, and execute multiple encryptions simultaneously by vectorizing the operations across wide registers. Their performanc...